﻿<%@ Application Language="C#" %>

<script runat="server">

    void Application_Start(object sender, EventArgs e) 
    {
        //在应用程序启动时运行的代码

    }
    
    void Application_End(object sender, EventArgs e) 
    {
        //在应用程序关闭时运行的代码

    }
        
    void Application_Error(object sender, EventArgs e) 
    { 
        //在出现未处理的错误时运行的代码

    }

    void Session_Start(object sender, EventArgs e) 
    {
        //在新会话启动时运行的代码

    }

    void Session_End(object sender, EventArgs e) 
    {
        //在会话结束时运行的代码。 
        // 注意: 只有在 Web.config 文件中的 sessionstate 模式设置为
        // InProc 时，才会引发 Session_End 事件。如果会话模式 
        //设置为 StateServer 或 SQLServer，则不会引发该事件。

    }

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;

        string requestPath = context.Request.Path.ToLower();

        if ((requestPath.IndexOf("-") > 0 && requestPath.IndexOf(".") == -1) || (requestPath.IndexOf("-") > 0 && requestPath.IndexOf("aspx") > 0))
        {
            string[] query = requestPath.Substring(requestPath.LastIndexOf("/") + 1).Replace(".aspx", "").Split('-');

            string url = requestPath.Substring(0, requestPath.LastIndexOf("/") + 1);

            switch (query[0])
            {
                default:
                    url += query[0] + ".aspx?";
                    for (int i = 0; i < query.Length; i++)
                    {
                        if (query[i] != "")
                        {
                            switch (i)
                            {
                                case 1:
                                    url += "sel=" + query[i];
                                    break;

                                case 2:
                                    url += "&keywork=" + query[i];
                                    break;

                                case 3:
                                    url += "&page=" + query[i];
                                    break;

                                case 4:
                                    url += "&p4=" + query[i];
                                    break;

                                case 5:
                                    url += "&p5=" + query[i];
                                    break;

                                case 6:
                                    url += "&p6=" + query[i];
                                    break;
                            }
                        }
                    }
                    break;
            }

            context.RewritePath(url);
        }

        //防止SQL注入
        string[] sqlin = "and |exec |insert |select |delete |update |count |chr |mid |master |truncate |char |declare ".Split('|');

        foreach (string n in this.Request.Form)
        {
            string s = Request.Form[n];

            foreach (string si in sqlin)
            {
                if (s.IndexOf(si) >= 0)
                {
                    Response.Write("非法操作");
                    Response.End();
                }
            }
        }

        foreach (string n in this.Request.QueryString)
        {
            string s = Request.QueryString[n];

            foreach (string si in sqlin)
            {
                if (s.IndexOf(si) >= 0)
                {
                    Response.Write("非法操作");
                    Response.End();
                }
            }
        }
    }
</script>
